On Tue, Jun 7, 2011 at 10:35 AM, Nico Williams <nico@cryptonector.com> wrote:
> On Mon, Jun 6, 2011 at 10:25 PM, Paul E. Jones <paulej@packetizer.com> wrote:
>> Nico,
>>
>> Sorry for coming into this so late, but I just saw this message.
>>
>> I don't have all of the background, but when I saw this message header and
>> some of the dialog, it seems there is a desire to provide some level of
>> authentication to requests and/or responses between the clients and servers.
>>
>> Gonzalo and I worked on this:
>> https://tools.ietf.org/html/draft-salgueiro-secure-state-management-04
>>
>> This may not be entirely complete, but the idea was to allow a client and
>> server to establish an association so that requests and responses could be
>> authenticated. Â Is this something along the lines of what you are
>> discussing, or is this an entirely different application?
>
> I'm completely on-board with session state[*]. Â My comments were
> particularly in regards to threat models. Â I believe that
> eavesdroppers and active attackers both need to be considered,
> particularly as we have so many open wifi networks.
Sorry. We can't address active attackers using this mechanism. If
you need protection from active attackers, please use TLS.
> To me the simplest way to address the Internet threat model is to
> always use TLS (except, maybe, for images and such elements that have
> little or no security value, though one must be careful when making
> that determination) and to use channel binding. Â See the I-D
> referenced below.
Indeed. This mechanism is for folks who cannot or will not deploy TLS.
Adam